
46 matches found

RedhatCVE
added 2026/05/06 8:21 p.m. | 4 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.8 CVSS | 6.2 AI score | 0.00006 EPSS
Exploits 0 | References 1

NVD
added 2026/05/05 8:16 p.m. | 1 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.8 CVSS | 0.00006 EPSS
Exploits 0 | References 1

CVE
added 2026/05/05 7:30 p.m. | 4 views

CVE-2026-34462

Sandboxie-Plus (Windows) versions ≤ 1.17.2 are affected by a stack-based overflow in ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler due to copying a WCHAR boxname[34] into a WCHAR[40] buffer with wcscpy without verifying termination. The service pipe allows conn...

7.8 CVSS | 6.2 AI score | 0.00006 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/05/05 7:30 p.m. | 4 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.3 CVSS | 6.2 AI score | 0.00006 EPSS
Exploits 0 | References 1

EUVD
added 2026/05/05 7:30 p.m. | 3 views

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.3 CVSS | 6.2 AI score | 0.00006 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/05 7:30 p.m. | 19 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy...

7.3 CVSS | 0.00006 EPSS
Exploits 0 | References 1

CNNVD
added 2026/05/05 12:0 a.m. | 6 views

Sandboxie-Plus security vulnerability

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of wcscat to copy the server field in NamedPipeServer::OpenHandler, without verifying the...

8.8 CVSS | 6 AI score | 0.00006 EPSS
Exploits 0 | References 2

IBM Security Bulletins
added 2025/12/17 2:31 p.m. | 6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...

6.5 CVSS | 7.5 AI score | 0.00753 EPSS
Exploits 7 | Affected Software 1

Microsoft CVE
added 2025/10/05 1:2 a.m. | 5 views

wifi: wilc1000: avoid buffer overflow in WID string configuration

...

7.8 CVSS | 7 AI score | 0.00018 EPSS
Exploits 0

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-15655

Malicious code in bioql PyPI...

5.5 CVSS | 5.7 AI score | 0.00242 EPSS
Exploits 1 | References 8

Tenable Nessus
added 2025/09/01 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-0529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This fl...

5.5 CVSS | 6 AI score | 0.00242 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2025/09/01 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-0530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This fl...

5.5 CVSS | 6.2 AI score | 0.00163 EPSS
Exploits 1 | References 2

Microsoft CVE
added 2024/11/27 8:0 a.m. | 5 views

Conversion of a wide string to a local string that leads to a heap of out-of-bound write

...

5.5 CVSS | 6 AI score | 0.00242 EPSS
Exploits 1

Microsoft CVE
added 2024/11/27 8:0 a.m. | 4 views

Conversion of a wide string to a local string that leads to a heap of out-of-bound write

...

5.5 CVSS | 6.4 AI score | 0.00163 EPSS
Exploits 1

Tenable Nessus
added 2023/10/30 12:0 a.m. | 20 views

GLSA-202310-17 : UnZip: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-17 UnZip: Multiple Vulnerabilities - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to...

5.5 CVSS | 6.2 AI score | 0.00242 EPSS
Exploits 2 | References 4

Tenable Nessus
added 2023/03/21 12:0 a.m. | 24 views

Amazon Linux 2023 : unzip (ALAS2023-2023-029)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-029 advisory. A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially...

5.5 CVSS | 6.1 AI score | 0.00242 EPSS
Exploits 3 | References 8

SUSE CVE
added 2023/02/15 3:35 a.m. | 1 views

SUSE CVE-2022-0530

A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution...

4.7 CVSS | 7 AI score | 0.00163 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2023/01/30 12:0 a.m. | 28 views

EulerOS Virtualization 3.0.2.2 : unzip (EulerOS-SA-2023-1300)

According to the versions of the unzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap o...

5.5 CVSS | 6.2 AI score | 0.00242 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2022/12/09 12:0 a.m. | 25 views

Amazon Linux 2022 : unzip (ALAS2022-2022-221)

The version of unzip installed on the remote host is prior to 6.0-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-221 advisory. - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null...

5.5 CVSS | 6.1 AI score | 0.00242 EPSS
Exploits 3 | References 7

Mageia
added 2022/10/18 11:14 p.m. | 40 views

Updated unzip packages fix security vulnerability

Improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2021-4217 Conversion of a wide string to a local string that leads to a heap of out-of-bound write. Thi...

5.5 CVSS | 3 AI score | 0.00242 EPSS
Exploits 3 | References 9